Base solution for your next web application
Open Closed

Email Confirmation expiration #5270

User avatar
0
joe704la created

Is there an email confirmation expiration on the confirmation link that is sent out? If so is there a way to change it?

Go to accepted answer
5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    There is currently no validation for the validity period, simply comparing EmailConfirmationCode.

    But asp net identity has its own token expiration time validation.

    So we can consider increasing the expiration date of the confirmation phone and email, changing the password and so on.

  • User Avatar
    0
    joe704la created

    Sorry, I am a little confused. Are you saying the confirmation email that is sent out has an expiration?

  • User Avatar
    0
    maliming created
    Support Team

    asp net identity [https://www.asp.net/identity]) has this feature(Zero also integrates asp net identity), but currently there is no such feature in zero.

  • User Avatar
    0
    maliming created
    Support Team

    hi joe704la

    If you want to implement this feature as soon as possible, You can override Abp.SetNewEmailConfirmationCode by yourself. Customize EmailConfirmationCode and add a timestamp (note that the length should not exceed 328)

    Then perform custom validation in AccountAppService.ActivateEmail.

    I provide an implementation, but you can customize the way you like.

    The DataProtectorTokenProvider uses the TokenLifespan property of the DataProtectionTokenProviderOptions by default to validate the validity period. The default is 1 day.

    Of course, DataProtectionTokenProviderOptions can be customized, please refer to:[https://github.com/aspnet/Docs/issues/5436])

    //Generate email code
var user = await _userManager.FindByIdAsync("3");
var emailCode = await _dataProtectorTokenProvider.GenerateAsync("ActivateEmail", _userManager, user);
//emailCode like CfDJ8BgfrGEzWk9Chdg/C6u19QLFGUhjSSZs12yz/guCxJDzbNUe2vBxSK8OK9gyS+7wDHAt3MYV1tMKEWA0ysONLPBJfyC9qLFbNGxi3S32c6I3vsmCRMOFmTSPoISBIPAHaNgt3lLd76mxxw9Gu4dWraNdhZgOF3GcbdH5namG2ld4YBULmFjwB9WkHMqVXS/V9A==


// send email

//Validate
if (await _dataProtectorTokenProvider.ValidateAsync("ActivateEmail", emailCode, _userManager, user))
{
	//Activate success!
}
else
{
	//Activate fail.
}
  • User Avatar
    0
    alper created
    Support Team

    <cite>joe704la: </cite> Is there an email confirmation expiration on the confirmation link that is sent out? If so is there a way to change it?

    there's no expiration time for the email confirmation. If you want to implement such a feature you can follow @maliming's suggestion.

Assignee
No one
Labels
Non yet